Tag: Cybersecurity

Marine corp data breach lesson: human error is often the cause and is preventable

There has been a data breach emanating from the U.S. Marine Corps Forces Reserve that impacted 21,426 individuals. The breach exposed their sensitive personal information such as truncated social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing address, residential address and emergency contact information. Calm down and press the…

Read More

What is “reasonable cybersecurity” and how do courts view it? (SecureWorld interviews)

What is “reasonable cybersecurity” and how do courts view “reasonable cybersecurity”? See KnowB4’s discussion of these interviews These are two excellent questions that I was asked and I answered, as succinctly as I could, in two short interviews with SecureWorld. Tell me what you think about my answers. What Is Reasonable Cybersecurity? – SecureWorld article…

Read More

Uber CISO’s Testimony Clarifies Payment to Hackers was Not Legitimate Use of Bug Bounty Program

As bits of information about the Uber data breach have trickled out, including the purported payment through a bug bounty program, I have been concerned about the implications on legitimate corporate bug bounty programs. My concerns grew when I read the New York Times article, Inside Uber’s $100,000 Payment to a Hacker, and the Fallout. …

Read More

Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies

It is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States….

Read More

Y2K18? Are #Spectre and #Meltdown the Y2K Apocalypse, Eighteen Years Late?

Hear Shawn Tuma interviewed on News Radio 570 KLIF – Experts: Update Settings and Download Updates to Protect from “Meltdown” and “Spectre” CLICK HERE if you are impatient and only want to know what you should do ASAP to protect against Spectre and Meltdown With Y2K we had a warning. So much of a warning that…

Read More

Lost Unencrypted USB of Heathrow Airport Security Files Exemplifies Poor Cyber Hygiene

Basic cyber hygiene has been a hot topic in cybersecurity, and for good reason. Most of the incidents that impact companies start with failures of basic cyber hygiene, not the super-sophisticated stuff of the movies. See Start with Cybersecurity Basics: Confirmed by Verizon’s 2016 Data Breach Report. One of the most fundamental rules of cyber hygiene is…

Read More

3 Legal Points for InfoSec Teams to Consider Before an Incident

As a teaser to my presentation at SecureWorld – Dallas last week, I did a brief interview with SecureWorld and talked about three of the points I would make in my lunch keynote, The Legal Case for Cybersecurity. If you’re going to SecureWorld – Denver next week, join me for the lunch keynote on Thursday (11/2)…

Read More

#CyberAvengers: A National Cybersecurity Action Plan is a Serious Priority

Read the #CyberAvengers’ recent article, Ransomware Spreading Like Crazy Worms, on NextGov.com, Levick.com, or The #CyberAvengers website. _____________________________ The #CyberAvengers (Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, Christophe Veltsos) are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking […]

Read More
%d bloggers like this: